Identity Governance Blog

Three Surprising Insights from the 2025 State of IGA—and Why They Matter

By Anders Askåsen, Product Marketing Director

There is a growing emphasis on Identity Governance and Administration (IGA) to tackle the relentless challenges around access control, regulatory compliance, and the ever-increasing security threats that loom over every organization.

Omada’s new 2025 State of IGA survey, which gathered perspectives from 502 organizations, uncovered several compelling data points and without revealing all the juicy statistics and details just yet, here’s a sneak peek of the highlights.

Below are three key findings and I will share how they could impact strategic decision-making within your organization. If you’d like to explore these insights further, join me, Anders Askåsen, Product Marketing Director, and Omada Field Strategist Paul Walker for a webinar where we’ll dive deeper into the survey results.

 

IGA Funding is Surging, Yet Challenges Remain

Key Data Point: Nearly nine in ten respondents (89.1%) report that teams and resources responsible for IT security are better funded today than a year ago.

Why This is Surprising

Seeing such a high proportion of organizations experiencing an uptick in funding highlights an industry-wide shift where identity security is recognized as a core business need. A potential driver that I tend to return to is the ever-increasing regulatory compliance landscape with the introduction of NIS2 for critical infrastructure and the wider supply chain and DORA to tackle cyber resiliency in the financial sector. However, despite these stronger budgets, many respondents point to persistent gaps:

  1. Labor-Intensive Processes: Over one-third cite time-consuming manual tasks as a prime driver for IGA investments. This implies that even with bigger budgets, some organizations struggle to use their resources effectively.
  2. Complex Customization: Over half (51.6%) mention administrative burden and extensive customization demands as ongoing hurdles.
  3. High Cost of Ownership: 58.8% thinks the Total cost of ownership is restrictive (upgrades are too time consuming, solution requires resources that are not available, complex customization).

 

Deeper Analysis & Implications

Better funding suggests organizations are working to mature their identity practices. Yet if those funds aren’t leveraged to automate or streamline manual efforts, inefficiencies will continue. Adopting solutions that emphasize low-code integrations and out-of-the-box functionality becomes pivotal. Long gone are the days of complicated, heavily customized IGA deployments, or at least that’s what should be argued as customers strive for increased TCO outcomes with IGA investments.

Teams should use newly available budget to focus on strategic tasks—like refining access policies—instead of wrestling with custom coding, legacy system overload and hyper-customization of their legacy IGA solution.

 

The Rise of Generative AI in IGA

Key Data Point: More than half (51.2%) of respondents say Generative AI is an important characteristic when evaluating a new IGA solution.

Why This is Surprising

Many organizations are still grasping the practical applications of Generative AI, yet over half are already calling it a “most important” factor for future deployments. Survey data also shows:

  1. Productivity Gains: 31.5% believe Gen AI assistance will improve end-user productivity, and 19.1% see it boosting administration productivity.
  2. Enhanced Analytics: 10.6% expect Gen AI to improve interpretation of analytics, which is central for continuous improvement in IGA programs.

 

Deeper Analysis & Implications

Generative AI has the potential to automate repetitive tasks, such as generating user access policies or recommending remediation steps for risky access scenarios – The numbers however show at a majority either have not discovered the benefits and possibilities with Generative AI or they are stuck in legacy solutions that doesn’t offer these capabilities.

Generative AI may also enhance risk analysis by parsing activity data at scale and pinpointing anomalies. This underscores that organizations interested in next-level IGA solutions should look for vendors that are already integrating AI-driven features, enabling them to move beyond static rules into more dynamic, context-aware governance.

 

Overly Permissive Access Remains a Major Vulnerability

Key Data Point: 73.9% strongly or somewhat agree that people in their organizations have access privileges beyond what they require, creating unnecessary risk.

Why This is Surprising

Despite growing awareness about “least privilege” best practices and a sharp focus on cybersecurity, nearly three-quarters still see overly permissive access as an unresolved problem. This signals that while organizations are investing and adopting IGA solutions, basic guardrails around access privileges are not fully enforced.

 

Deeper Analysis & Implications

Overly permissive access often stems from manual approval processes, incomplete visibility across user identities, and a reluctance to revoke old permissions that might be needed “just in case.” Addressing these issues calls for:

  1. Automation & Lifecycle Management: Automate provisioning and deprovisioning to ensure access aligns with roles and responsibilities.
  2. Periodic Access Reviews: Schedule routine audits for continuous reevaluation of access rights, making sure accounts and privileges are kept current.
  3. Role-Based Access Control (RBAC): Many respondents (56.8%) identify the need for cloud-based access control approaches like RBAC, which standardize privileges based on consistent job function profiles. Although role engineering can be time-consuming due to its largely manual nature, modern IGA solutions equipped with advanced role mining powered by machine learning and artificial intelligence can significantly streamline this process.

 

Webinar: In-Depth Analysis and Actionable Recommendations

These are just a few of the many revelations from the 2025 State of IGA data. To dig deeper into these findings, tune into our webinar ‘State of IGA 2025’.

The 2025 State of IGA survey underlines an encouraging rise in security budgets and the growing role of emerging technologies like Generative AI. At the same time, persistent gaps in role clarity and overly permissive access confirm that no organization can afford to be complacent. Join our webinar to learn how to harness these insights, streamline your IGA operations, and adopt innovations that will serve your organization’s identity needs well into the future.

 

Let's Get
Started

Let us show you how Omada can enable your business.